+ uint16_t message = 0xFFFF; // message type
+ uint8_t fatal = 0;
+ uint8_t mandatory = 0;
+ uint16_t asession = 0; // assigned session
+ uint32_t amagic = 0; // magic number
+ uint8_t aflags = 0; // flags from last LCF
+ uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case)
+ char called[MAXTEL] = ""; // called number
+ char calling[MAXTEL] = ""; // calling number
+
+ if (!config->cluster_iam_master)
+ {
+ master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
+ return;
+ }
+
+ // control messages must have bits 0x80|0x40|0x08
+ // (type, length and sequence) set, and bits 0x02|0x01
+ // (offset and priority) clear
+ if ((*buf & 0xCB) != 0xC8)
+ {
+ LOG(1, s, t, "Bad control header %02X\n", *buf);
+ STAT(tunnel_rx_errors);
+ return;
+ }
+
+ // check for duplicate tunnel open message
+ if (!t && ns == 0)
+ {
+ int i;
+
+ //
+ // Is this a duplicate of the first packet? (SCCRQ)
+ //
+ for (i = 1; i <= config->cluster_highest_tunnelid ; ++i)
+ {
+ if (tunnel[i].state != TUNNELOPENING ||
+ tunnel[i].ip != ntohl(*(in_addr_t *) & addr->sin_addr) ||
+ tunnel[i].port != ntohs(addr->sin_port) )
+ continue;
+ t = i;
+ LOG(3, s, t, "Duplicate SCCRQ?\n");
+ break;
+ }
+ }
+
+ LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %u l-nr %u r-ns %u r-nr %u\n",
+ l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
+
+ // if no tunnel specified, assign one
+ if (!t)
+ {
+ if (!(t = new_tunnel()))
+ {
+ LOG(1, 0, 0, "No more tunnels\n");
+ STAT(tunnel_overflow);
+ return;
+ }
+ tunnelclear(t);
+ tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
+ tunnel[t].port = ntohs(addr->sin_port);
+ tunnel[t].window = 4; // default window
+ STAT(tunnel_created);
+ LOG(1, 0, t, " New tunnel from %s:%u ID %u\n",
+ fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
+ }
+
+ // If the 'ns' just received is not the 'nr' we're
+ // expecting, just send an ack and drop it.
+ //
+ // if 'ns' is less, then we got a retransmitted packet.
+ // if 'ns' is greater than missed a packet. Either way
+ // we should ignore it.
+ if (ns != tunnel[t].nr)
+ {
+ // is this the sequence we were expecting?
+ STAT(tunnel_rx_errors);
+ LOG(1, 0, t, " Out of sequence tunnel %u, (%u is not the expected %u)\n",
+ t, ns, tunnel[t].nr);
+
+ if (l) // Is this not a ZLB?
+ controlnull(t);
+ return;
+ }
+
+ // check sequence of this message
+ {
+ int skip = tunnel[t].window; // track how many in-window packets are still in queue
+ // some to clear maybe?
+ while (tunnel[t].controlc > 0 && (((tunnel[t].ns - tunnel[t].controlc) - nr) & 0x8000))
+ {
+ controlt *c = tunnel[t].controls;
+ tunnel[t].controls = c->next;
+ tunnel[t].controlc--;
+ c->next = controlfree;
+ controlfree = c;
+ skip--;
+ tunnel[t].try = 0; // we have progress
+ }
+
+ // receiver advance (do here so quoted correctly in any sends below)
+ if (l) tunnel[t].nr = (ns + 1);
+ if (skip < 0) skip = 0;
+ if (skip < tunnel[t].controlc)
+ {
+ // some control packets can now be sent that were previous stuck out of window
+ int tosend = tunnel[t].window - skip;
+ controlt *c = tunnel[t].controls;
+ while (c && skip)
+ {
+ c = c->next;
+ skip--;
+ }
+ while (c && tosend)
+ {
+ tunnel[t].try = 0; // first send
+ tunnelsend(c->buf, c->length, t);
+ c = c->next;
+ tosend--;
+ }
+ }
+ if (!tunnel[t].controlc)
+ tunnel[t].retry = 0; // caught up
+ }
+ if (l)
+ { // if not a null message
+ int result = 0;
+ int error = 0;
+ char *msg = 0;
+
+ // Default disconnect cause/message on receipt of CDN. Set to
+ // more specific value from attribute 1 (result code) or 46
+ // (disconnect cause) if present below.
+ int disc_cause_set = 0;
+ int disc_cause = TERM_NAS_REQUEST;
+ char const *disc_reason = "Closed (Received CDN).";
+
+ // process AVPs
+ while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP
+ {
+ uint16_t n = (ntohs(*(uint16_t *) p) & 0x3FF);
+ uint8_t *b = p;
+ uint8_t flags = *p;
+ uint16_t mtype;
+
+ if (n > l)
+ {
+ LOG(1, s, t, "Invalid length in AVP\n");
+ STAT(tunnel_rx_errors);
+ return;
+ }
+ p += n; // next
+ l -= n;
+ if (flags & 0x3C) // reserved bits, should be clear
+ {
+ LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
+ fatal = flags;
+ result = 2; // general error
+ error = 3; // reserved field non-zero
+ msg = 0;
+ continue; // next
+ }
+ b += 2;
+ if (*(uint16_t *) (b))
+ {
+ LOG(2, s, t, "Unknown AVP vendor %u\n", ntohs(*(uint16_t *) (b)));
+ fatal = flags;
+ result = 2; // general error
+ error = 6; // generic vendor-specific error
+ msg = "unsupported vendor-specific";
+ continue; // next
+ }
+ b += 2;
+ mtype = ntohs(*(uint16_t *) (b));
+ b += 2;
+ n -= 6;
+
+ if (flags & 0x40)
+ {
+ uint16_t orig_len;
+
+ // handle hidden AVPs
+ if (!*config->l2tp_secret)
+ {
+ LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
+ fatal = flags;
+ result = 2; // general error
+ error = 6; // generic vendor-specific error
+ msg = "secret not specified";
+ continue;
+ }
+ if (!session[s].random_vector_length)
+ {
+ LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
+ fatal = flags;
+ result = 2; // general error
+ error = 6; // generic
+ msg = "no random vector";
+ continue;
+ }
+ if (n < 8)
+ {
+ LOG(2, s, t, "Short hidden AVP.\n");
+ fatal = flags;
+ result = 2; // general error
+ error = 2; // length is wrong
+ msg = 0;
+ continue;
+ }
+
+ // Unhide the AVP
+ unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
+
+ orig_len = ntohs(*(uint16_t *) b);
+ if (orig_len > n + 2)
+ {
+ LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n",
+ orig_len, n);
+
+ fatal = flags;
+ result = 2; // general error
+ error = 2; // length is wrong
+ msg = 0;
+ continue;
+ }
+
+ b += 2;
+ n = orig_len;
+ }
+
+ LOG(4, s, t, " AVP %u (%s) len %d%s%s\n", mtype, l2tp_avp_name(mtype), n,
+ flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
+
+ switch (mtype)
+ {
+ case 0: // message type
+ message = ntohs(*(uint16_t *) b);
+ mandatory = flags & 0x80;
+ LOG(4, s, t, " Message type = %u (%s)\n", *b, l2tp_code(message));
+ break;
+ case 1: // result code
+ {
+ uint16_t rescode = ntohs(*(uint16_t *) b);
+ char const *resdesc = "(unknown)";
+ char const *errdesc = NULL;
+ int cause = 0;
+
+ if (message == 4)
+ { /* StopCCN */
+ resdesc = l2tp_stopccn_result_code(rescode);
+ cause = TERM_LOST_SERVICE;
+ }
+ else if (message == 14)
+ { /* CDN */
+ resdesc = l2tp_cdn_result_code(rescode);
+ if (rescode == 1)
+ cause = TERM_LOST_CARRIER;
+ else
+ cause = TERM_ADMIN_RESET;
+ }
+
+ LOG(4, s, t, " Result Code %u: %s\n", rescode, resdesc);
+ if (n >= 4)
+ {
+ uint16_t errcode = ntohs(*(uint16_t *)(b + 2));
+ errdesc = l2tp_error_code(errcode);
+ LOG(4, s, t, " Error Code %u: %s\n", errcode, errdesc);
+ }
+ if (n > 4)
+ LOG(4, s, t, " Error String: %.*s\n", n-4, b+4);
+
+ if (cause && disc_cause_set < mtype) // take cause from attrib 46 in preference
+ {
+ disc_cause_set = mtype;
+ disc_reason = errdesc ? errdesc : resdesc;
+ disc_cause = cause;
+ }
+
+ break;
+ }
+ break;
+ case 2: // protocol version
+ {
+ version = ntohs(*(uint16_t *) (b));
+ LOG(4, s, t, " Protocol version = %u\n", version);
+ if (version && version != 0x0100)
+ { // allow 0.0 and 1.0
+ LOG(1, s, t, " Bad protocol version %04X\n", version);
+ fatal = flags;
+ result = 5; // unspported protocol version
+ error = 0x0100; // supported version
+ msg = 0;
+ continue; // next
+ }
+ }
+ break;
+ case 3: // framing capabilities
+ break;
+ case 4: // bearer capabilities
+ break;
+ case 5: // tie breaker
+ // We never open tunnels, so we don't care about tie breakers
+ continue;
+ case 6: // firmware revision
+ break;
+ case 7: // host name
+ memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
+ memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
+ LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
+ // TBA - to send to RADIUS
+ break;
+ case 8: // vendor name
+ memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
+ memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
+ LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
+ break;
+ case 9: // assigned tunnel
+ tunnel[t].far = ntohs(*(uint16_t *) (b));
+ LOG(4, s, t, " Remote tunnel id = %u\n", tunnel[t].far);
+ break;
+ case 10: // rx window
+ tunnel[t].window = ntohs(*(uint16_t *) (b));
+ if (!tunnel[t].window)
+ tunnel[t].window = 1; // window of 0 is silly
+ LOG(4, s, t, " rx window = %u\n", tunnel[t].window);
+ break;
+ case 11: // Challenge
+ {
+ LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n");
+ build_chap_response(b, 2, n, &chapresponse);
+ }
+ break;
+ case 13: // Response
+ // Why did they send a response? We never challenge.
+ LOG(2, s, t, " received unexpected challenge response\n");
+ break;
+
+ case 14: // assigned session
+ asession = session[s].far = ntohs(*(uint16_t *) (b));
+ LOG(4, s, t, " assigned session = %u\n", asession);
+ break;
+ case 15: // call serial number
+ LOG(4, s, t, " call serial number = %u\n", ntohl(*(uint32_t *)b));
+ break;
+ case 18: // bearer type
+ LOG(4, s, t, " bearer type = %u\n", ntohl(*(uint32_t *)b));
+ // TBA - for RADIUS
+ break;
+ case 19: // framing type
+ LOG(4, s, t, " framing type = %u\n", ntohl(*(uint32_t *)b));
+ // TBA
+ break;
+ case 21: // called number
+ memset(called, 0, sizeof(called));
+ memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
+ LOG(4, s, t, " Called <%s>\n", called);
+ break;
+ case 22: // calling number
+ memset(calling, 0, sizeof(calling));
+ memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
+ LOG(4, s, t, " Calling <%s>\n", calling);
+ break;
+ case 23: // subtype
+ break;
+ case 24: // tx connect speed
+ if (n == 4)
+ {
+ session[s].tx_connect_speed = ntohl(*(uint32_t *)b);
+ }
+ else
+ {
+ // AS5300s send connect speed as a string
+ char tmp[30];
+ memset(tmp, 0, sizeof(tmp));
+ memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
+ session[s].tx_connect_speed = atol(tmp);
+ }
+ LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
+ break;
+ case 38: // rx connect speed
+ if (n == 4)
+ {
+ session[s].rx_connect_speed = ntohl(*(uint32_t *)b);
+ }
+ else
+ {
+ // AS5300s send connect speed as a string
+ char tmp[30];
+ memset(tmp, 0, sizeof(tmp));
+ memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
+ session[s].rx_connect_speed = atol(tmp);
+ }
+ LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
+ break;
+ case 25: // Physical Channel ID
+ {
+ uint32_t tmp = ntohl(*(uint32_t *) b);
+ LOG(4, s, t, " Physical Channel ID <%X>\n", tmp);
+ break;
+ }
+ case 29: // Proxy Authentication Type
+ {
+ uint16_t atype = ntohs(*(uint16_t *)b);
+ LOG(4, s, t, " Proxy Auth Type %u (%s)\n", atype, ppp_auth_type(atype));
+ break;
+ }
+ case 30: // Proxy Authentication Name
+ {
+ char authname[64];
+ memset(authname, 0, sizeof(authname));
+ memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
+ LOG(4, s, t, " Proxy Auth Name (%s)\n",
+ authname);
+ break;
+ }
+ case 31: // Proxy Authentication Challenge
+ {
+ LOG(4, s, t, " Proxy Auth Challenge\n");
+ break;
+ }
+ case 32: // Proxy Authentication ID
+ {
+ uint16_t authid = ntohs(*(uint16_t *)(b));
+ LOG(4, s, t, " Proxy Auth ID (%u)\n", authid);
+ break;
+ }
+ case 33: // Proxy Authentication Response
+ LOG(4, s, t, " Proxy Auth Response\n");
+ break;
+ case 27: // last sent lcp
+ { // find magic number
+ uint8_t *p = b, *e = p + n;
+ while (p + 1 < e && p[1] && p + p[1] <= e)
+ {
+ if (*p == 5 && p[1] == 6) // Magic-Number
+ amagic = ntohl(*(uint32_t *) (p + 2));
+ else if (*p == 7) // Protocol-Field-Compression
+ aflags |= SESSION_PFC;
+ else if (*p == 8) // Address-and-Control-Field-Compression
+ aflags |= SESSION_ACFC;
+ p += p[1];
+ }
+ }
+ break;
+ case 28: // last recv lcp confreq
+ break;
+ case 26: // Initial Received LCP CONFREQ
+ break;
+ case 39: // seq required - we control it as an LNS anyway...
+ break;
+ case 36: // Random Vector
+ LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
+ memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
+ if (n > sizeof(session[s].random_vector))
+ n = sizeof(session[s].random_vector);
+ memcpy(session[s].random_vector, b, n);
+ session[s].random_vector_length = n;
+ break;
+ case 46: // ppp disconnect cause
+ if (n >= 5)
+ {
+ uint16_t code = ntohs(*(uint16_t *) b);
+ uint16_t proto = ntohs(*(uint16_t *) (b + 2));
+ uint8_t dir = *(b + 4);
+
+ LOG(4, s, t, " PPP disconnect cause "
+ "(code=%u, proto=%04X, dir=%u, msg=\"%.*s\")\n",
+ code, proto, dir, n - 5, b + 5);
+
+ disc_cause_set = mtype;
+
+ switch (code)
+ {
+ case 1: // admin disconnect
+ disc_cause = TERM_ADMIN_RESET;
+ disc_reason = "Administrative disconnect";
+ break;
+ case 3: // lcp terminate
+ if (dir != 2) break; // 1=peer (LNS), 2=local (LAC)
+ disc_cause = TERM_USER_REQUEST;
+ disc_reason = "Normal disconnection";
+ break;
+ case 4: // compulsory encryption unavailable
+ if (dir != 1) break; // 1=refused by peer, 2=local
+ disc_cause = TERM_USER_ERROR;
+ disc_reason = "Compulsory encryption refused";
+ break;
+ case 5: // lcp: fsm timeout
+ disc_cause = TERM_PORT_ERROR;
+ disc_reason = "LCP: FSM timeout";
+ break;
+ case 6: // lcp: no recognisable lcp packets received
+ disc_cause = TERM_PORT_ERROR;
+ disc_reason = "LCP: no recognisable LCP packets";
+ break;
+ case 7: // lcp: magic-no error (possibly looped back)
+ disc_cause = TERM_PORT_ERROR;
+ disc_reason = "LCP: magic-no error (possible loop)";
+ break;
+ case 8: // lcp: echo request timeout
+ disc_cause = TERM_PORT_ERROR;
+ disc_reason = "LCP: echo request timeout";
+ break;
+ case 13: // auth: fsm timeout
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = "Authentication: FSM timeout";
+ break;
+ case 15: // auth: unacceptable auth protocol
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = "Unacceptable authentication protocol";
+ break;
+ case 16: // auth: authentication failed
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = "Authentication failed";
+ break;
+ case 17: // ncp: fsm timeout
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = "NCP: FSM timeout";
+ break;
+ case 18: // ncp: no ncps available
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = "NCP: no NCPs available";
+ break;
+ case 19: // ncp: failure to converge on acceptable address
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = (dir == 1)
+ ? "NCP: too many Configure-Naks received from peer"
+ : "NCP: too many Configure-Naks sent to peer";
+ break;
+ case 20: // ncp: user not permitted to use any address
+ disc_cause = TERM_SERVICE_UNAVAILABLE;
+ disc_reason = (dir == 1)
+ ? "NCP: local link address not acceptable to peer"
+ : "NCP: remote link address not acceptable";
+ break;
+ }
+ }
+ break;
+ default:
+ {
+ static char e[] = "unknown AVP 0xXXXX";
+ LOG(2, s, t, " Unknown AVP type %u\n", mtype);
+ fatal = flags;
+ result = 2; // general error
+ error = 8; // unknown mandatory AVP
+ sprintf((msg = e) + 14, "%04x", mtype);
+ continue; // next
+ }
+ }
+ }
+ // process message
+ if (fatal & 0x80)
+ tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg);
+ else
+ switch (message)
+ {
+ case 1: // SCCRQ - Start Control Connection Request
+ tunnel[t].state = TUNNELOPENING;
+ if (main_quit != QUIT_SHUTDOWN)
+ {
+ controlt *c = controlnew(2); // sending SCCRP
+ control16(c, 2, version, 1); // protocol version
+ control32(c, 3, 3, 1); // framing
+ controls(c, 7, hostname, 1); // host name
+ if (chapresponse) controlb(c, 13, chapresponse, 16, 1); // Challenge response
+ control16(c, 9, t, 1); // assigned tunnel
+ controladd(c, 0, t); // send the resply
+ }
+ else
+ {
+ tunnelshutdown(t, "Shutting down", 6, 0, 0);
+ }
+ break;
+ case 2: // SCCRP
+ tunnel[t].state = TUNNELOPEN;
+ break;
+ case 3: // SCCN
+ tunnel[t].state = TUNNELOPEN;
+ controlnull(t); // ack
+ break;
+ case 4: // StopCCN
+ controlnull(t); // ack
+ tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
+ break;
+ case 6: // HELLO
+ controlnull(t); // simply ACK
+ break;
+ case 7: // OCRQ
+ // TBA
+ break;
+ case 8: // OCRO
+ // TBA
+ break;
+ case 9: // OCCN
+ // TBA
+ break;
+ case 10: // ICRQ
+ if (sessionfree && main_quit != QUIT_SHUTDOWN)
+ {
+ controlt *c = controlnew(11); // ICRP
+
+ s = sessionfree;
+ sessionfree = session[s].next;
+ memset(&session[s], 0, sizeof(session[s]));
+
+ if (s > config->cluster_highest_sessionid)
+ config->cluster_highest_sessionid = s;
+
+ session[s].opened = time_now;
+ session[s].tunnel = t;
+ session[s].far = asession;
+ session[s].last_packet = session[s].last_data = time_now;
+ LOG(3, s, t, "New session (%u/%u)\n", tunnel[t].far, session[s].far);
+ control16(c, 14, s, 1); // assigned session
+ controladd(c, asession, t); // send the reply
+
+ strncpy(session[s].called, called, sizeof(session[s].called) - 1);
+ strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
+
+ session[s].ppp.phase = Establish;
+ session[s].ppp.lcp = Starting;
+
+ STAT(session_created);
+ break;
+ }
+
+ {
+ controlt *c = controlnew(14); // CDN
+ if (!sessionfree)
+ {
+ STAT(session_overflow);
+ LOG(1, 0, t, "No free sessions\n");
+ control16(c, 1, 4, 0); // temporary lack of resources
+ }
+ else
+ control16(c, 1, 2, 7); // shutting down, try another
+
+ controladd(c, asession, t); // send the message
+ }
+ return;
+ case 11: // ICRP
+ // TBA
+ break;
+ case 12: // ICCN
+ if (amagic == 0) amagic = time_now;
+ session[s].magic = amagic; // set magic number
+ session[s].flags = aflags; // set flags received
+ session[s].mru = PPPoE_MRU; // default
+ controlnull(t); // ack
+
+ // start LCP
+ sess_local[s].lcp_authtype = config->radius_authprefer;
+ sess_local[s].ppp_mru = MRU;
+
+ // Set multilink options before sending initial LCP packet
+ sess_local[s].mp_mrru = 1614;
+ sess_local[s].mp_epdis = config->bind_address ? config->bind_address : my_address;
+
+ sendlcp(s, t);
+ change_state(s, lcp, RequestSent);
+ break;
+
+ case 14: // CDN
+ controlnull(t); // ack
+ sessionshutdown(s, disc_reason, CDN_NONE, disc_cause);
+ break;
+ case 0xFFFF:
+ LOG(1, s, t, "Missing message type\n");
+ break;
+ default:
+ STAT(tunnel_rx_errors);
+ if (mandatory)
+ tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type");
+ else
+ LOG(1, s, t, "Unknown message type %u\n", message);
+ break;
+ }
+ if (chapresponse) free(chapresponse);
+ cluster_send_tunnel(t);
+ }
+ else
+ {
+ LOG(4, s, t, " Got a ZLB ack\n");
+ }
+ }
+ else
+ { // data
+ uint16_t proto;
+
+ LOG_HEX(5, "Receive Tunnel Data", p, l);
+ if (l > 2 && p[0] == 0xFF && p[1] == 0x03)
+ { // HDLC address header, discard
+ p += 2;
+ l -= 2;
+ }
+ if (l < 2)
+ {
+ LOG(1, s, t, "Short ppp length %d\n", l);